IOS SSL VPN and Thin Client

Unanswered Question
Jan 21st, 2010

Hi All,


I have setup SSL VPN on a border C871 with port forwarding for Telnet and ssh access to inside C3845 routers. The inside router has ACL enabled to control access on vty lines. When I remove the ACL, I can successfully telnet 127.0.0.1 3000 from local PC to the inside router. When the ACL is enabled, I cannot access the router. One would think this is normal. But the problem is there even if I have a 'permit any' statement in the ACL to allow any access. Here is the script:


-------------------------
access-list 99 permit any
!
line vty 0 4
 access-class 99 in
 transport input all
!
--------------------------


C871 is in version c870-advipservicesk9-mz.124-15.T9.bin; and C3845 is in c3845-advipservicesk9-mz.124-9.T7.bin.


Any ideas on this would be appreciated.


Thanks.


Chuan

james.bastnagel Fri, 01/22/2010 - 10:27

Chuan,


Can you post a copy of the ACL itself and confirm what port you are using for telnet access? From your post it appears that you may be using port 3000, but I am unclear on that piece.


James

Chuan Liu Mon, 01/25/2010 - 12:12

Hi James,


I cannot access even when the ACL has only one statement: access-list 99 per any.


In the SSL VPN router, port 3000 is defined for ssh.


port-forward "Core01"
   local-port 3000 remote-server "192.168.179.193" remote-port 22


When connected from Laptop to the SSL VPN router, I telnet on 127.0.0.1 3000 from DOS prompt.

When the above ACL is removed, the telnet is working.


Thanks for your idea,


Chuan
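The thread's configuration (a standard numbered ACL applied with access-class in on the vty lines) is evaluated by IOS top-down against the source address of the incoming session, with an implicit deny at the end. The Python below is an added example, not part of the thread and not Cisco code: it parses standard-ACL lines in the syntax used above (any, host A, A wildcard, and the abbreviated keyword per that Chuan typed, since IOS accepts unambiguous abbreviations) and reports which entry a given source address matches. The addresses in the sample ACLs are constructed. It shows what the semantics of permit any are, which is useful for ruling the ACL itself in or out when troubleshooting; it does not explain the failure in the thread.

```python
"""Simulate standard IOS ACL matching as used by `access-class N in` on vty lines.

Added example for illustration; not code from the thread or from Cisco.
Entries are matched top-down on the session's source IPv4 address; if no
entry matches, the implicit deny at the end of every IOS ACL applies.
"""
import ipaddress
from typing import List, Optional, Tuple

# (action, address as int, wildcard mask as int); wildcard bit 1 = "don't care"
AclEntry = Tuple[str, int, int]

ALL_ONES = 0xFFFFFFFF


def _ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _expand_action(word: str) -> str:
    """IOS accepts unambiguous abbreviations, so 'per' means 'permit'."""
    for full in ("permit", "deny"):
        if full.startswith(word.lower()):
            return full
    raise ValueError(f"unknown ACL action: {word!r}")


def parse_standard_acl(lines: List[str]) -> List[AclEntry]:
    """Parse lines of the form 'access-list N permit|deny any|host A|A W'."""
    entries: List[AclEntry] = []
    for raw in lines:
        parts = raw.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue  # skip blank lines, comments and unrelated config
        action = _expand_action(parts[2])
        target = parts[3]
        if target == "any":
            addr, wildcard = 0, ALL_ONES
        elif target == "host":
            addr, wildcard = _ip_int(parts[4]), 0
        else:
            addr = _ip_int(target)
            # a standard ACL entry without a wildcard means a single host
            wildcard = _ip_int(parts[4]) if len(parts) > 4 else 0
        entries.append((action, addr, wildcard))
    return entries


def evaluate(entries: List[AclEntry], source: str) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry) for a source address.

    The index is None when only the implicit deny matched, which is the
    case a troubleshooter most wants to see distinguished from an explicit deny.
    """
    src = _ip_int(source)
    for index, (action, addr, wildcard) in enumerate(entries):
        care_mask = ALL_ONES ^ wildcard  # bits that must match exactly
        if (src & care_mask) == (addr & care_mask):
            return action, index
    return "deny", None


if __name__ == "__main__":
    # The ACL from the thread: every source address should match entry 0.
    thread_acl = parse_standard_acl(["access-list 99 per any"])
    print(evaluate(thread_acl, "192.168.179.1"))  # ('permit', 0)

    # A constructed, tighter ACL: one management host plus one subnet.
    tight_acl = parse_standard_acl([
        "access-list 10 permit host 192.0.2.10",
        "access-list 10 permit 192.168.179.0 0.0.0.255",
    ])
    for src in ("192.0.2.10", "192.168.179.193", "203.0.113.5"):
        print(src, "->", evaluate(tight_acl, src))
```

Running the block prints the matching entry for each constructed source; a result of ('deny', None) marks a session dropped by the implicit deny rather than by any line the administrator wrote.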
